Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36037 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-27 | N/A | 5.5 MEDIUM |
| Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | |||||
| CVE-2024-5608 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-26 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | |||||
| CVE-2024-49574 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-20 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | |||||
| CVE-2024-36485 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-07 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. | |||||
| CVE-2023-50785 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-10-28 | N/A | 2.7 LOW |
| Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | |||||
| CVE-2024-5586 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | |||||
| CVE-2024-5490 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. | |||||
| CVE-2024-5556 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. | |||||
| CVE-2024-5467 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. | |||||
| CVE-2024-36517 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. | |||||
| CVE-2024-36515 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. | |||||
| CVE-2024-36516 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. | |||||
| CVE-2024-36514 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. | |||||
| CVE-2024-5527 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-16 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. | |||||
| CVE-2024-36035 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-16 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. | |||||
| CVE-2024-5487 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-16 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. | |||||
| CVE-2024-36034 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-16 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. | |||||
| CVE-2023-32783 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Adaudit Plus | 2024-08-02 | N/A | 7.5 HIGH |
| The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour." | |||||
| CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | |||||
| CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | |||||